Details:
| Summary | The Italian DPA has imposed a fine of EUR 100,000 on Lazio Region.
An individual had filed a complaint with the DPA because she had received an invitation from the regional health authority to participate in the cervical cancer screening program that was addressed to her daughter, who died in 1995. During its investigation, the DPA discovered that the daughter’s data was still in the region’s database even though she had already died. As the owner of the data, the Region should have ensured that the personal information was accurate and updated as necessary, and taken all reasonable steps to delete or correct the information it used in a timely manner. In addition to the above, the Garante also found that the Region had not properly provided data subjects with the required information about the processing of their personal data when sending out the invitation letters for a cervical cancer screening campaign. In imposing the fine, the DPA took into account, as an aggravating factor, that the Region had already received a fine. |
| Link: | link link |
| Related articles: | Art. 5 (1) a), d) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 24 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 100,000 |
| Sector | Health Care |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/